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Carousell secures and scales 
their ecommerce marketplace 


with Cloudflare 


In a world where mobile apps enable users to process transactions, 
source luxury goods, and instantly communicate with people around the 
world, both speed and security are key. That gave Quek Siu Rui, Lucas 
Ngoo, and Marcus Tan the idea for Carousell: a smartphone- and web- 
based marketplace that makes buying goods as easy as chatting and 
selling them as easy as snapping a photo. 


Founded in 2012, Carousell is one of the largest C2C ecommerce 
marketplaces in Southeast Asia, with customers across Singapore, 
Indonesia, Hong Kong, Malaysia, Taiwan, Australia, and the Philippines. 
Users can purchase and sell items from a variety of categories — cars, 
property, fashion, household appliances, assistive devices, electronics, 
and more — and post job listings or offer services across an equally 
expansive range of industries. 


Carousell chief architect Harshad Rotithor estimates that more than a 
quarter of Singapore's entire population uses the platform, which boasts 
more than 250 million listings to date. Those figures are expanding 

as more users flock to the site, bringing a host of new performance 
challenges to overcome. 


The challenge 


Carousell serves around 1 PB of images per month and utilizes artificial 
intelligence to create a frictionless user experience for anyone looking 
to buy or sell items on their platform. In order to meet intensive 
performance requirements for a rapidly expanding regional customer 
base, they need a cloud provider that can ensure uptime during high- 
traffic events and cache dynamic pages on an as-needed basis. 


These issues come into sharp focus during Carousell’s periodic “flash 
sales” — a recurring limited-time event when they partner with sellers 
to provide deep discounts for buyers. Just one of these flash sales can 
attract over 3x the amount of traffic Carousell typically sees. 


“Users come with certain expectations that the site will load quickly and 
that they will get to browse the various products on display and get to 
deals as quickly as possible,” Harshad explains. “If we fail to provide 
that, it gives our customers a very bad user experience. We want to 
ensure that our customers always get a very smooth experience on 
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carousell 


Key Results 


* Cloudflare helps Carousell 
handle traffic spikes of 3x their 
normal traffic on sale days. 


+ With Cloudflare, Carousell sees 
a cache hit ratio of around 60% 
for image bandwidth. 


* Carousell uses ~50 Page Rules 
to manage traffic customization. 


* Cloudflare empowers Carousell 
to thwart cyber attacks 
and deliver a premium user 
experience. 


Carousell and can easily buy, sell, and communicate about the products 
they find.” 


It isn’t an easy task, especially as the rapid influx of traffic during flash 
sales places a significant strain on the platform. Initially, Carousell 
turned to Amazon CloudFront to keep their site running smoothly, 

but soon found that they were not able to handle the site’s growing 
audience and performance needs. 


Caching made simple with the Cloudflare global network 
In 2016, Carousell switched to Cloudflare. 


“It started off as a solution for our DNS and SSL termination 
requirements,” says Harshad. “Then we started exploring the ability to 
cache our assets at Cloudflare and started partially moving our assets 
over from a different CDN. Now, we are 100% cached on Cloudflare.” 


With data centers in 200 cities and 90+ countries worldwide, Cloudflare 
helps Carousell cache their assets on the network edge, bringing 
content as close to end users as possible. This ensures that the 

site never experiences outages during high-visibility sales or loses 
customers due to slow page loads. 


Cloudflare also enables Carousell to cache dynamic pages for short 
durations, which allows them to easily handle a huge amount of traffic 
during flash sales and provide a seamless user experience. 


“Cloudflare handles our requirements of a CDN, WAF, caching layer, SSL 
endpoint, and DNS,” Harshad adds. “These products help us meet our 
business metrics while giving us an excellent return on our investment.” 


Automatic WAF protection helps Carousell secure 
customer data 


In addition to scaling and speeding up their platform, Carousell needs 
to stay ahead of volumetric security threats like DDoS attacks and 
malicious bot activity. Bots scrape content and drain internal resources 
by forcing Carousell to invest in additional infrastructure to serve bot- 
generated requests — even though Carousell doesn’t reap any benefit 
from the increase in traffic. 


Staying ahead of these attacks requires Carousell to adopt a 
comprehensive security solution, one that safeguards customer data 
and offers premium protection without performance trade-offs. 


“We explored the web application firewall offered by Cloudflare and 

it ticked all our boxes,” says Harshad. “It had the basic OWASP- 

related rules as well as various other specialized rules that Cloudflare 
themselves had added. We also had the ability to add custom rules. So 
all of the features essentially made it a perfect fit for our needs.” 


The Cloudflare Web Application Firewall (WAF) leverages collective 
threat intelligence to identify and prevent malicious requests, 
empowering users to proactively defend against incoming attacks and 
ensure application availability. And it seamlessly integrates with bot 
mitigation and DDoS attack protection to shield sites from resource- 
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“Cloudflare ensures that 
we have the tools to 
mitigate those attacks 
without any impact on 
our end users, even if 
adversaries choose to try 
out any attacks on us.” 


HARSHAD ROTITHOR 
Chief Architect, Carousell 


draining bots, DDoS threats, cross-site scripting (XSS), and other 
attacks. 


“Even after turning on almost all of the firewall features, we haven't 
seen any measurable hit on the latency,” Harshad says. “That is one of 
the biggest benefits that we get out of Cloudflare. Since the security 
features don’t impact our overall site performance, the user experience 
doesn’t degrade with all of these checks that are put in place.” 


Integrated performance and security is key to a seamless 
user experience 


Today, Carousell doesn’t have to worry about keeping up with their user 
base or trying to get ahead of potential attacks. Cloudflare’s integrated 
security and performance solutions allow them to do both, which 
means that users are guaranteed a smoother experience every time 
they come to shop or sell. 


“Cloudflare is key for the experience that we offer to our users,” says 
Harshad, “and the focus that Cloudflare has taken — of helping make 
the Internet a better place — is key for us, because any product that 
Cloudflare develops would essentially benefit our end users and, in turn, 
improve the experience they have on Carousell. So it’s a win-win for us.” 


For an online copy please visit 
https://www.cloudflare.com/case-studies/carousell/ 
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